IT disaster recovery, cloud computing and information security news

After a multiyear development process NIST has released ‘Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations’ which updates previous guidance in this area.

The new guidance ‘offers key practices for organizations to adopt as they develop their capability to manage cybersecurity risks within and across their supply chains. It encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also of its components - which may have been developed elsewhere - and the journey those components took to reach their destination’. 

The primary audience for the publication is acquirers and end users of products, software and services. The guidance helps organizations build cyber security supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks.

Abstract (verbatim):

Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise’s decreased visibility into and understanding of how the technology they acquire is developed, integrated, and deployed or the processes, procedures, standards, and practices used to ensure the security, resilience, reliability, safety, integrity, and quality of the products and services. This publication provides guidance to organizations on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain at all levels of their organizations. The publication integrates cybersecurity supply chain risk management (C-SCRM) into risk management activities by applying a multilevel, C-SCRM-specific approach, including guidance on the development of C-SCRM strategy implementation plans, C-SCRM policies, C-SCRM plans, and risk assessments for products and services.

Read the document (PDF).


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.